Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Cisco PIX bug, discussions (lengthy)

From: Aleph One <aleph1 () dfw net>
Date: Thu, 27 Aug 1998 18:51:36 -0500 (CDT)
On Wed, 26 Aug 1998, John McDermott wrote:


I agree here, too, which prompts a question: is there some (simple) attack 
I can use to demonstrate that SPFs in their current form(s) are 
(inherently) less secure than proxies?  IOW I would like to set up a simple 
demo to show that the internal systems can be successfully attacked even 
with an SPF firewall in place. [I am *not* trying to prove SPFs better if 
such an attack cannot be found; but rather I'd like to demonstrate in a 
classroom that even with an SPF a network is not as secure as it might be.]


Use any DoS attack on the internal machine's TCP/IP stack (e.g. teardrop,
land).


--john

-------------------------------------
Name: John McDermott
VOICE: 505/377-6293 FAX 505/377-6313
E-mail: John McDermott <jjm () jkintl com>
Writer and Computer Consultant
-------------------------------------



Aleph One / aleph1 () dfw net
http://underground.org/
KeyID 1024/948FD6B5 
Fingerprint EE C9 E8 AA CB AF 09 61  8C 39 EA 47 A8 6A B8 01
Previous By Date Next
Previous By Thread Next

Current thread: